(SOLVED) OPNsense - Nginx reverse proxy -> Vaultwarden docker synology

pxs · January 15, 2022, 8:36am

I have Vaultwarden running on docker on synology nas.
I have a opnsense firewall with reverseproxy (nginx).
I have the website and service running. It all works great with lets encrypt cert.

What I can’t figure out is how to get the livesync / WebSocket to work and how to arrange the correct way to set this up in opnsense nginx GUI.

Somebody here that knows how to do this?

BlackDex · January 15, 2022, 8:58am

Have you seen the wiki already??

pxs · January 15, 2022, 9:27am

BlackDex, thank you for your fast reply.
I have seen the proxy examples and I am looking for help / do not know, how to add this below part in the opnsense - nginx gui:
}

location /notifications/hub {
proxy_pass http://:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
}

location /notifications/hub/negotiate {
proxy_pass http://:80;

is it by url rewrite, adding new https servers and upstream to port 3012? so I am lost there

BlackDex · January 15, 2022, 9:43am

Maybe it would be better if you can show what you have right now.

pxs · January 15, 2022, 10:12am

I can do that, but it is all screen/gui based and different than a config file.
I can upload pictures of it?

BlackDex · January 15, 2022, 10:47am

I would be uncertain on how to help if you don’t understand the proxy-examples and how to implement that into the synology/nginx.

Those examples are 1:1 working examples so they should just work out-of-the-box besides changing the server_name and proxy_pass to match your specific setup.

pxs · January 15, 2022, 12:19pm

BackDex,

thank you for your help and guidance. With the examples and the help from opnsense community I was able to make this work!
So I leave this here for other users running self hosted Vaultwarden and opnsense reverse proxy:

One HTTP Server

Two Upstream servers: one for tcp80, second - for tcp3012

Two Upstreams: one pointing to tcp80 Upstream server, second - pointing to tcp3012 Upstream server

Three Locations: “/” and “/notifications/hub/negotiate” - pointing to tcp80 Upstream, “/notifications/hub” - pointing to tcp3012 Upstream with " WebSocket Support" enabled.

In HTTP Server settings choose all three locations (root ("/"), hub ("/notifications/hub") and hub_nego(""/notifications/hub/negotiate""))

and I had to change the docker listening localhost to 0.0.0.0 to make it work.

really love the real time updates to all devices!

Topic		Replies	Views
OPNSense with HAProxy and Websocket support - Need help :( Third Party Help	0	1258	November 13, 2022
Enabling WebSocket on Synology	2	1183	January 24, 2024
Vaultwarden and Nginx Proxy Manager Help	35	41447	January 3, 2025
Using Nginx as reverse proxy Third Party Help	10	5043	May 19, 2021
Help with HTTPS, using duckdns and opnsense Third Party Help	2	79	December 13, 2024

(SOLVED) OPNsense - Nginx reverse proxy -> Vaultwarden docker synology

Related topics